Microsoft 365 is the backbone of email, files, and collaboration for a huge share of New Zealand businesses, but most organisations are only using a fraction of what they’re already paying for, and more than a few assume it’s protected in ways it actually isn’t. Here’s what’s worth checking.
- Confirm your licensing actually matches how your team works. It’s common to find a business paying for a higher-tier plan than most staff need, or missing security features that are only included in a slightly different bundle. A quick licence review every year or so often pays for itself.
- Turn on conditional access and MFA properly, not just for a few accounts. Microsoft 365’s built-in security tools can restrict sign-ins by location, device, or risk level, but only if they’re configured. Left on defaults, many of the strongest protections are effectively switched off.
- Don’t assume Microsoft backs up your data for you. Microsoft 365 is built for uptime and redundancy, not long-term backup and recovery. Deleted mailboxes, files, and SharePoint sites can fall outside what Microsoft retains once a retention window passes. A separate, independent backup of your Microsoft 365 data is one of the most overlooked gaps we see.
- Use Teams and SharePoint deliberately, not accidentally. Many businesses end up with sprawling, duplicated files across Teams, SharePoint, and OneDrive simply because there was never an agreed structure. A simple, documented approach to where documents live saves hours of searching and reduces the risk of sensitive files ending up somewhere they shouldn’t.
- Review who has access every few months. Staff change roles, contractors finish projects, and access doesn’t always get cleaned up afterwards. Regular access reviews are a small task that meaningfully reduces risk over time.
Microsoft 365 can be an excellent platform when it’s configured with your business in mind, rather than left on out-of-the-box defaults. If you’re not sure whether your current setup already covers all of this, that’s a conversation worth having with whoever manages your IT, whether that’s an in-house person or a managed partner like us. While you’re at it, it’s worth reviewing our guide to cybersecurity basics every growing NZ business should have in place.